
Mystery 'Onion/Critroni' ransom Trojan evolves to use more sophisticated encryption

John E Dunn | July 29, 2014
Kaspersky Lab has added more detail on the fiendish 'Onion' (aka 'Critroni') ransom Trojan that uses the Tor anonymity service to hide its command and control (C&C) as well as displaying a level of thoughtfulness about its encryption design that bodes ill for future attacks.

"Now it seems that Tor has become a proven means of communication and is being utilised by other types of malware," said Sinitsyn, who believed that its use had proved successful.

"Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server," he added.

"All this makes it a highly dangerous threat and one of the most technologically advanced encryptors out there."

So far, the Trojan seems to have been picked up at a relatively early stage of its release, so it is not invulnerable. The number of infected systems, spread across a handful of countries, numbered only a few dozen, the firm said, although different variants probably also existed.

Ransom and encryption-based malware is going through a boom right now, spurred on by the toxic legacy of CryptoLocker's success. When that was disrupted in June, police said that it might return in time. A more disturbing possibility is that it won't return at all but a clutch of skilled imitators will.
